aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls/curl_darwinssl.c
AgeCommit message (Collapse)Author
2015-01-17vtls: Removed unimplemented overrides of curlssl_close_all()Steve Holme
Carrying on from commit 037cd0d991, removed the following unimplemented instances of curlssl_close_all(): Curl_axtls_close_all() Curl_darwinssl_close_all() Curl_cyassl_close_all() Curl_gskit_close_all() Curl_gtls_close_all() Curl_nss_close_all() Curl_polarssl_close_all()
2015-01-07darwinssl: fix session ID keys to only reuse identical sessionsDaniel Stenberg
...to avoid a session ID getting cached without certificate checking and then after a subsequent _enabling_ of the check libcurl could still re-use the session done without cert checks. Bug: http://curl.haxx.se/docs/adv_20150108A.html Reported-by: Marc Hesse
2014-12-27darwinssl: Use 'CURLcode result' for curl result codesSteve Holme
2014-12-15darwinssl: fix incorrect usage of aprintf()Nick Zitzmann
Commit b13923f changed an snprintf() to use aprintf(), but the API usage wasn't correct, and was causing a crash to occur. This fixes it.
2014-12-14darwinssl: aprintf() to allocate the session keyDaniel Stenberg
... to avoid using a fixed memory size that risks being too large or too small.
2014-10-24darwinssl: detect possible future removal of SSLv3 from the frameworkNick Zitzmann
If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3.
2014-10-24SSL: Remove SSLv3 from SSL default due to POODLE attackJay Satiro
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss, openssl effectively making the default TLS 1.x. axTLS is not affected since it supports only TLS, and gnutls is not affected since it already defaults to TLS 1.x. - Update CURLOPT_SSLVERSION doc
2014-09-04darwinssl: Use CopyCertSubject() to check CA cert.Vilmos Nebehaj
SecCertificateCopyPublicKey() is not available on iPhone. Use CopyCertSubject() instead to see if the certificate returned by SecCertificateCreateWithData() is valid. Reported-by: Toby Peterson
2014-09-01Check CA certificate in curl_darwinssl.c.Vilmos Nebehaj
SecCertificateCreateWithData() returns a non-NULL SecCertificateRef even if the buffer holds an invalid or corrupt certificate. Call SecCertificateCopyPublicKey() to make sure cacert is a valid certificate.
2014-08-30Fix CA certificate bundle handling in darwinssl.Vilmos Nebehaj
If the --cacert option is used with a CA certificate bundle that contains multiple CA certificates, iterate through it, adding each certificate as a trusted root CA.
2014-08-05darwinssl: don't use strtok()Toby Peterson
The GetDarwinVersionNumber() function uses strtok, which is not thread-safe.
2014-07-30vtls: make the random function mandatory in the TLS backendDaniel Stenberg
To force each backend implementation to really attempt to provide proper random. If a proper random function is missing, then we can explicitly make use of the default one we use when TLS support is missing. This commit makes sure it works for darwinssl, gnutls, nss and openssl.
2014-05-21darwinssl: fix lint & build warnings in the previous commitNick Zitzmann
2014-05-21Add support for --cacert in DarwinSSL.Vilmos Nebehaj
Security Framework on OS X makes it possible to supply extra anchor (CA) certificates via the Certificate, Key, and Trust Services API. This commit makes the '--cacert' option work using this API. More information: https://developer.apple.com/library/mac/documentation/security/Reference/certifkeytrustservices/Reference/reference.html The HTTPS tests now pass on OS X except 314, which requires the '--crl' option to work.
2014-05-15darwinssl: Updated copyright following recent changesSteve Holme
2014-05-14darwinssl: fix potential crash when attempting to copy an identityNick Zitzmann
from a P12 file This could've happened if SecPKCS12Import() returned noErr _and_ no identity.
2014-02-23Don't omit CN verification in DarwinSSL when an IP address is used.David Ryskalczyk
2014-01-09darwinssl: un-break Leopard build after PKCS#12 changeNick Zitzmann
It turns out errSecDecode wasn't defined in Leopard's headers. So we use the enum's value instead. Bug: http://curl.haxx.se/mail/lib-2013-12/0150.html Reported by: Abram Pousada
2013-12-26vtls: Updated comments referencing sslgen.c and ssluse.cSteve Holme
2013-12-26vtls: Fixed up include of vtls.hSteve Holme
2013-12-20vtls: moved all TLS/SSL source and header files into subdirDaniel Stenberg